A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS,
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 28 September 2007.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-21 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-21 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 28 September 2007 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 
DETAILED ACTION

This Office Action is in response to an Amendment filed September 28, 2007. Claims 1-21 are 
currently pending. Any rejection not set forth below has been overcome by the current Amendment. 

Claim Rejections - 35 USC §103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ohba et al. (US 
2004/0098588), herein referred to as Ohba. 

As per claims 1,14-16, Ohba discloses a method for performing layer 2 authentication of a Mobile 
Node supporting Mobile IP, as claimed, comprising: 

obtaining layer 2 information including at least one of a MAC address and username associated 
with the Mobile Node (see paragraph 36, where a user device may connect through 802.11 and
authentication may be accomplished at layer 2 and a MAC address is implicit of layer 2, also see end of 
paragraph 37, where username/password can be used for authentication); 

generating an orphaned host object including the layer 2 information (see paragraph 36, where 
the MCS server may maintain the credentials of the user used to authenticate the user);

unorphaning the orphaned host object, thereby enabling layer 3 policies to be enforced (see
paragraph 39, where a TLS session identifier from layer 2 authentication may be used for layer 3
authentication).

Although the system disclosed by Ohba shows substantial features of the claimed invention 
(discussed above), it fails to disclose that the unorphaning occurs when an IP address associated with 
the layer 2 information is received such that the unorphaned host object includes the IP address and layer 
2 information, wherein the IP address associated with the layer 2 information is received without
performing layer 3 authentication of the Mobile Node. 

Nonetheless, these features are well known in the art and would have been an obvious
modification of the system disclosed by Ohba, as evidenced by Droms et al. ("Radius Attributes Sub-option
for the DHCP Relay Agent Information Option").

In an analogous art, Droms discloses a system for authenticating a network device before
granting that device access to the network by providing authenticated layer 2 network access (see 
Abstract). Also, Droms discloses that a network element using RADIUS as an authentication authority will 
receive attributes from a RADIUS server that may be used by a DHCP server in the selection of an IP 
address for assignment to the device (see Abstract). Furthermore, Droms shows that a RADIUS 
Attributes sub-option provides a way through which network elements can pass information obtained 
through layer 2 authentication to a DHCP server (see "Introduction and Background"). 

Given the teaching of Droms, it would be obvious to a person having ordinary skill in the art to 
perform layer 2 authentication by associating an IP address with layer 2 information provided by a 
RADIUS server without performing layer 3 authentication of the device (i.e. Mobile Node), such as 
disclosed by Droms, in order to allow or deny network access to the requesting device. 

As per claim 2, Ohba further discloses obtaining a username associated with the Mobile Node; 

wherein the orphaned host object includes the username associated with the mobile node (see 
paragraph 37). 

As per claim 3, Ohba further discloses receiving the layer 2 information in an access request
packet;

wherein generating the orphaned host object is performed when an access accept packet is 
received indicating the Mobile Node associated with the layer 2 information has been authenticated by a 
AAA server (see paragraph 36). 

As per claim 4, Droms further renders obvious that unorphaning the orphaned host object 
comprises: 
receiving a packet including the IP address and the layer 2 information; and updating the
orphaned host object to include the IP address, thereby generating an unorphaned host object (see 
discussion above regarding how the RADIUS server provides the layer 2 authentication and allows a 
DHCP server to select an IP address for the network device). 

As per claim 5, Ohba does not expressly disclose receiving an ACCT start packet. However, 
Ohba does show that session information is shared by authentication and that the AAA server uses the 
RADIUS protocol. At the time of the invention, a person having ordinary skill in the art would have found 
it obvious to use ACCT start packets when enabling layer 3 policies after associating an IP address with 
layer 2 information in order to keep track of authentication, authorization and accounting. 

As per claim 6, Ohba further renders obvious receiving an ACCT stop packet including the IP 
address; and 

deleting the unorphaned host object when the ACCT stop packet is received (see paragraph 49). 
Considering that it would be obvious to use an ACCT start packet to keep track of authentication,
authorization and accounting, it would also be obvious to a person having ordinary skill in the art at the 
time of the invention to issue an ACCT stop packet in order to prevent someone else from maliciously 
using session information. 

As per claim 7, Ohba further discloses deleting the unorphaned host (see paragraph 49). 

As per claim 8, Ohba further renders obvious receiving an ACCT stop packet including the IP 
address; 

wherein deleting the unorphaned host object is performed when the ACCT stop packet is 
received (see rejection of claim 6). 

As per claim 9, Ohba further discloses an IP address of a network device from which the packet 
was received, the method further comprising: 

maintaining a mapping between the IP address of the network device and the IP address of the 
Mobile Node such that a mapping of one or more Mobile Nodes supported by the network device is 
maintained (see paragraph 36, where a mapping of the IP address of the network device (MCS server) 
and the IP address of the Mobile Node is implied by using the RADIUS protocol).

As per claim 10, Ohba further renders obvious that the packet including the IP address and the
layer 2 information is an ACCT start packet (see paragraph 36, where it is obvious that an ACCT start 
packet is used because the RADIUS protocol is used). 

As per claim 11, Ohba further renders obvious receiving a packet including the IP address of the 
network device that indicates that the network device is not functioning (see paragraph 49, where it is 
obvious that an identifier like an IP address would be used to indicate which device has the error); and 

deleting the unorphaned host object or orphaning a host object for each of the Mobile Nodes 
supported by the network device (see discussion of claim 6). 

As per claim 12, Ohba further renders obvious that the packet including the IP address of the 
network device that indicates that the network device is not functioning is an ACCT-OFF packet. 
Considering that the RADIUS protocol may be used, it would have been obvious to a person having 
ordinary skill in the art that an ACCT-OFF packet is used to indicate a device is shutdown or in this case 
not functioning so is shutting down. 

As per claim 13, Ohba further renders obvious that the IP address of the network device that 
indicates that the network device is not functioning is an ACCT-ON packet. Considering that the RADIUS 
protocol is used and the device is not functioning, it would have been obvious to a person having ordinary
skill in the art that when the device is not functioning a reboot would try and correct the problem and then 
the device would send out an ACCT-ON packet in order to inform the RADIUS protocol it is ready to 
accept incoming connections. 

As per claim 17, Droms further discloses enforcing layer 3 policies based upon the layer 2 
authentication of the Mobile Node (see Abstract, where IP address authentication by layer 2 
authentication implies layer 3 policy). 

As per claim 18, Droms further discloses enforcing layer 3 policies without performing layer 3 
authentication (see Abstract, discussing how layer 2 authentication is used in conjunction with an IP 
address to give access to the network). 

As per claim 19, Droms further discloses enforcing layer 3 policies by accessing the unorphaned 
host object (see Abstract, wherein once the layer 2 attributes from the RADIUS server are received by the 
DHCP server and an IP address is assigned based on the layer 2 authentication, the host object is
unorphaned and layer 3 policies are enforced because there is an IP address that has already been 
authenticated using layer 2). 

As per claim 20, Droms further discloses enforcing layer 3 policies based upon the IP address of 
the unorphaned host object (see discussion for claim 19). 



3. Claim 21 is rejected under 35 U.S.C. 103(a) as being unpatentable over Ohba in view of Droms 
as applied to claim 1 above, and further in view of Applicant's Admitted Prior Art (AAPA).

Although the system disclosed by Ohba in view of Droms shows substantial features of the 
claimed invention (discussed above), it fails to disclose that the method is performed in an SSG based 
network. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Ohba in view of Droms, as evidenced by AAPA. 

In an analogous art, AAPA discloses how various systems can be used for authentication of a
Mobile Node. For instance a service selection gateway (SSG) (see Specification page 4, lines 13-16). 

Given the teaching of AAPA, a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Ohba in view of Droms by employing an SSG 
based network, such as disclosed by AAPA, in order to take advantage of SESM solutions such as 
authentication of the user, policy enforcement, etc. 

Response to Arguments 

4. Applicant's arguments with respect to claims 1-21 have been considered but are moot in view of 
the new ground(s) of rejection. 
Conclusion



5. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office 
action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of 
the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Philip J. Chea whose telephone number is 571-272-3951. The examiner can normally be 
reached on M-F 6:30-4:00 (1st Friday Off). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Glenn Burgess can be reached on 571-272-3949. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative 
or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.